Channels

Services

Security Update for open source virus scanner

The developers of the open source virus scanner ClamAV have released version 0.95.1, denoting is as simply a "bugfix release" with no security warnings. However, security service providers such as Secunia and the French Vupen (formerly FrIST) classify it as a critical safety update.

This assessment is primarily due to a potential buffer overflow in the cli_url_canon() function used to process URLs. It can be exploited with specially crafted URLs to allow attackers to compromise and execute code through the virus scanner. Updating from older versions of ClamAV is strongly advised.